GitHub Actions: require actions to be pinned to full-length commit SHA

[mgovers]

This is part of our goal to follow security best practices. See also https://docs.github.com/en/enterprise-cloud@latest/actions/reference/security/secure-use#using-third-party-actions

Cfr. https://docs.github.com/en/enterprise-cloud@latest/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#controlling-access-to-public-actions-and-reusable-workflows :

Require actions to be pinned to a full-length commit SHA: All actions must be pinned to a full-length commit SHA to be used. This includes actions from your enterprise and actions authored by GitHub. Reusable workflows can still be referenced by tag. For more information, see Secure use reference.

So we have to pin also the GitHub-owned (actions/checkout, ...) and PowerGridModel-owned action (pgm-version-bump) before we can enable enforcing.

Relates to:

• GitHub Actions: require actions to be pinned to full-length commit SHA power-grid-model#1372
• GitHub Actions: require actions to be pinned to full-length commit SHA power-grid-model-io#412
• GitHub Actions: require actions to be pinned to full-length commit SHA power-grid-model-ds#228
• GitHub Actions: require actions to be pinned to full-length commit SHA pgm-build-dependencies#15
• GitHub Actions: require actions to be pinned to full-length commit SHA #9
• GitHub Actions: require actions to be pinned to full-length commit SHA power-grid-model-workshop#56
• GitHub Actions: require actions to be pinned to full-length commit SHA power-grid-model-benchmark#17
• GitHub Actions: require actions to be pinned to full-length commit SHA homebrew-pgm#1